NAME | SYNOPSIS | DESCRIPTION | EXAMPLES | FILES | ATTRIBUTES | SEE ALSO | NOTES
/etc/security/audit_user
audit_user is an access-restricted database that stores per-user auditing preselection data. You can use the audit_user file with other authorization sources, including the NIS map audit_user.byname and the NIS+ table audit_user. Programs use the getauusernam(3BSM) routines to access this information.
The search order for multiple user audit information sources is specified in the /etc/nsswitch.conf file. See nsswitch.conf(4). The lookup follows the search order for passwd(4).
The fields for each user entry are separated by colons (:). Each user is separated from the next by a newline. audit_user does not have general read permission. Each entry in the audit_user file has the form:
username:always-audit-flags:never-audit-flags |
The fields are defined as follows:
User's login name.
Flags specifying event classes to always audit.
Flags specifying event classes to never audit.
For a complete description of the audit flags and how to combine them, see audit_control(4).
other:lo,am:io,cl fred:lo,ex,+fc,-fr,-fa:io,cl ethyl:lo,ex,nt:io,cl |
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE |
ATTRIBUTE VALUE |
---|---|
Interface Stability |
See below |
The file format stability is evolving. The file content is unstable.
This functionality is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information.
NAME | SYNOPSIS | DESCRIPTION | EXAMPLES | FILES | ATTRIBUTES | SEE ALSO | NOTES